Network Working Group B. Kaliski
Request for Comments: 2315 RSA Laboratories, East
Category: Informational March 1998
PKCS #7: Cryptographic Message Syntax
Version 1.5
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
Overview
This document describes a general syntax for data that may have
cryptography applied to it, such as digital signatures and digital
envelopes. The syntax admits recursion, so that, for example, one
envelope can be nested inside another, or one party can sign some
previously enveloped digital data. It also allows arbitrary
attributes, such as signing time, to be authenticated along with the
content of a message, and provides for other attributes such as
countersignatures to be associated with a signature. A degenerate
case of the syntax provides a means for disseminating certificates
and certificate-revocation lists.
1. Scope
This document is compatible with Privacy-Enhanced Mail (PEM) in that
signed-data and signed-and-enveloped-data content, constructed in a
PEM-compatible mode, can be converted into PEM messages without any
cryptographic operations. PEM messages can similarly be converted
into the signed-data and signed-and-enveloped data content types.
This document can support a variety of architectures for
certificate-based key management, such as the one proposed for
Privacy-Enhanced Mail in RFC 1422. Architectural decisions such as
what certificate issuers are considered "top-level," what entities
certificate issuers are authorized to certify, what distinguished
names are considered acceptable, and what policies certificate
issuers must follow (such as signing only with secure hardware, or
requiring entities to present specific forms of identification) are
left outside the document.
Kaliski Informational [Page 1]RFC 2315 PKCS #7: Crytographic Message Syntax March 1998
The values produced according to this document are intended to be
BER-encoded, which means that the values would typically be
represented as octet strings. While many systems are capable of
transmitting arbitrary octet strings reliably, it is well known that
many electronic-mail systems are not. This document does not address
mechanisms for encoding octet strings as (say) strings of ASCII
characters or other techniques for enabling reliable transmission by
re-encoding the octet string. RFC 1421 suggests one possible solution
to this problem.
2. References
FIPS PUB 46-1 National Bureau of Standards. FIPS PUB 46-1:
Data Encryption Standard. January 1988.
PKCS #1 RSA Laboratories. PKCS #1: RSA Encryption.
Version 1.5, November 1993.
PKCS #6 RSA Laboratories. PKCS #6: Extended-Certificate
Syntax. Version 1.5, November 1993.
PKCS #9 RSA Laboratories. PKCS #9: Selected Attribute
Types. Version 1.1, November 1993.
RFC 1421 Linn, J., "Privacy Enhancement for
Internet Electronic Mail: Part I: Message
Encryption and Authentication Procedures," RFC 1421
February 1993.
RFC 1422 Kent, S., "Privacy Enhancement for
Internet Electronic Mail: Part II: Certificate-
Based Key Management," RFC 1422, February 1993.
RFC 1423 Balenson, D., "Privacy Enhancement for
Internet Electronic Mail: Part III: Algorithms,
Modes, and Identifiers," RFC 1423, February 1993.
RFC 1424 Kaliski, B., "Privacy Enhancement for
Internet Electronic Mail: Part IV: Key
Certification and Related Services," RFC 1424,
February 1993.
Kaliski Informational [Page 2]RFC 2315 PKCS #7: Crytographic Message Syntax March 1998
RFC 1319 Kaliski, B., "The MD2 Message-Digest
Algorithm," RFC 1319, April 1992.
RFC 1321 Rivest, R., "The MD5 Message-Digest
Algorithm," RFC 1321, April 1992.
X.208 CCITT. Recommendation X.208: Specification of
Abstract Syntax Notation One (ASN.1). 1988.
X.209 CCITT. Recommendation X.209: Specification of
Basic Encoding Rules for Abstract Syntax Notation
One (ASN.1). 1988.
X.500 CCITT. Recommendation X.500: The Directory--
Overview of Concepts, Models and
Services. 1988.
X.501 CCITT. Recommendation X.501: The Directory--